Mar22020 by genxwordadminNo Comments
How to Secure Your Organization’s Network Following a Remote Work Adoption

How to Secure Your Organization’s Network Following a Remote Work Adoption

Information Security
How to Secure Your Organization’s Network Following a Remote Work Adoption The COVID-19 disease, now observed in a significant number of countries, has opened a new awareness to remote work for workers and employers wanting to avoid physical gatherings. What Is Remote Work? Remote work is the practice of working for an extended period outside the formal office. This practice, also known as telecommuting, teleworking and work from home, is nothing new. Fast internet connections, high-speed computers and more sophisticated applications have propelled the growth of remote work. Data from Canada’s General Social Survey (GSS) in 2016 showed that 2.3 million paid workers or 12.7% of the total workforce of Canada telework at least an hour a week. Out of the total number of Canadians who work from home for…
Read More
Feb262020 by genxwordadminNo Comments
How to Protect Cloud Data

How to Protect Cloud Data

Information Security
How to Protect Cloud Data The recently disclosed data breach at MGM Resorts, exposing millions of the personal details of former hotel guests, highlights the importance of protecting your organization’s data stored in the cloud. An MGM spokesperson told ZDNet, "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts." The company said it promptly notified all impacted former hotel guests in accordance with applicable state laws. The company added that no financial, payment card or password data was involved in the data breach. While the unauthorized access to MGM’s cloud server happened months ago, details of this data breach only surfaced when a malicious actor published on a hacking forum last week the personal details of…
Read More
Feb182020 by genxwordadminNo Comments
In Focus: Backdoor Malware Targeting SSH Keys

In Focus: Backdoor Malware Targeting SSH Keys

Information Security
In Focus: Backdoor Malware Targeting SSH Keys A backdoor malware that targeted SSH keys previously used by the most sophisticated and well-financed threat groups has trickled down to ordinary cybercriminals as this malware is now being sold to anyone with access to the dark web, a new report showed. “SSH keys can be potent weapons in the wrong hands,” Yana Blachman, threat intelligence specialist at Venafi, told Infosecurity. “But until recently, only the most sophisticated, well-financed hacking groups had this kind of capability. Now, we’re seeing a ‘trickle-down’ effect, where SSH capabilities are becoming commoditized.” What Is SSH? SSH, which stands for Secure Shell, is a protocol used to secure remote login from one computer to another. The SSH protocol is used for many applications across many platforms, including Linux,…
Read More
Feb112020 by genxwordadminNo Comments
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Information Security, IT Support
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack Maastricht University, a government-funded institution in the Netherlands, recently admitted that it paid ransomware attacker a ransom of 30 Bitcoin, valued nearly 220,000 USD at the time of payment. The University, in a statement, said it fell victim to a ransomware attack on December 23, 2019. While the University’s IT infrastructure consists of 1,647 Linux and Windows servers and 7,307 workstations, the University said, the attacker only hit 267 Windows servers. The University added that backups of these servers were also affected. In ransomware attacks, attackers prevent legitimate users from accessing their computers or files through the process known as encryption. Attackers then demand from their victims ransom in exchange for the decryption keys that would unlock the encrypted files.…
Read More
Jan272020 by genxwordadminNo Comments
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Information Security
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records Microsoft recently admitted that its internal customer support database was inadvertently exposed to the public as a result of a misconfiguration of the security rules of Azure – the company’s own cloud service. According to Microsoft, a change or the misconfiguration of the security rules of Azure, which led to the public exposure of the company’s internal customer support database, was made on December 5, 2019. Microsoft said this misconfiguration was corrected on December 31, 2019. The company said that the vast majority of the exposed records were cleared of personal information as the company redacts personal information using automated tools. The company, however, said that some of the exposed records weren’t redacted, such as an email address…
Read More
Jan132020 by genxwordadminNo Comments
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Information Security, IT Support
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching The recent ransomware attack on Travelex, considered as the world's biggest foreign currency exchange company, highlights the importance of applying security patches in a timely manner. Travelex disclosed that on New Year’s Eve it’s corporate network was hit by the ransomware called “Sodinokibi”, also known as REvil ransomware. In a ransomware attack, legitimate users are prevented in accessing their computers or their data. The company said it immediately took all its systems offline to prevent the spread of REvil ransomware across the company’s network, forcing the company’s staff to resort to using pen and paper. The company’s ransomware attack disclosure came seven days after the attack. The group behind the REvil ransomware told the BBC that it gained access to Travelex’…
Read More
Dec302019 by genxwordadminNo Comments
In Focus: Cloud Security in 2020

In Focus: Cloud Security in 2020

Information Security
In Focus: Cloud Security in 2020 In 2019, cloud computing really took off. Cloud security, however, took a backseat in 2019, leading to unprecedented cloud data breaches and data exposures. In 2020, it’s expected that cloud management will shift focus to security. What Is Cloud Computing? The cloud in the phrase “cloud computing” refers to the internet. Computing, meanwhile, refers to any activity that uses computers. In cloud computing, the computing activity is done over the internet instead of the computer's hard drive. Software as a Service, also known as (SaaS), Infrastructure as a service (IaaS) and Platform as a service (PaaS) are the three types of cloud computing. SaaS is a cloud-based service which offers access to a software or application via an internet browser. An example of SaaS…
Read More
Dec232019 by genxwordadminNo Comments
2019 Year-End Cyber Security Review; 2020 Prediction

2019 Year-End Cyber Security Review; 2020 Prediction

Information Security
2019 Year-End Cyber Security Review; 2020 Prediction Only a few days left until 2020 arrives, LifeLabs disclosed that it paid ransom to cyber attackers to “retrieve” the personal information of its15 million customers – affecting nearly half of the population in Canada. This data breach, the largest to date in this country, gives a glimpse of what the cyber security situation in 2019 looked like and what lies ahead in 2020. LifeLabs Data Breach President and CEO of LifeLabs Charles Brown, in a statement, said that personal information of approximately 15 million customers wasillegally accessed on the company’s computer systems, with the vast majority of the affected customers from British Columbia and Ontario. Brown said that stolen personal information includes name, address, email, login, passwords, date of birth and health…
Read More
Dec162019 by genxwordadminNo Comments
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

Information Security, News
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom Ransomware attackers typically encrypt victims’ data and demand from victims ransom in exchange for the decryption keys. To pressure victims into paying ransom, attackers have added a new tactic: publication of stolen data in the event victims fail to pay ransom. While ransomware attackers in the past threatened victims to leak stolen data online for failing to pay ransom, many don’t follow through. Ransomware victims, as shown in their official statements, often view ransomware attacks not as data breaches – a type of cyber-attack that steals data. Ransomware victims, rather, believe that ransomware attackers can’t access the content itself. This perception that ransomware attackers can’t access the content itself is thrown out of the window as recent ransomware trend…
Read More
Dec92019 by genxwordadminNo Comments
Researchers Unearth New VPN Vulnerabilities

Researchers Unearth New VPN Vulnerabilities

Information Security
Researchers Unearth New VPN Vulnerabilities Over the past few days, details about security vulnerabilities relating to virtual private network (VPN) have been disclosed by security researchers. Immersive Labs researcher and content engineer Alex Seymour recently disclosed that he found two security vulnerabilities, one referred to as CVE-2019-17387 and the other security vulnerability referred to as CVE-2019-17388, in Aviatrix VPN, an enterprise VPN used by organizations such as the National Aeronautics and Space Administration (NASA). CVE-2019-17387, in particular, allows an attacker to gain elevated privileges through arbitrary code execution on these operating systems: Windows, Linux and macOS. While Aviatrix uses certificates to validate legitimate VPN users, preventing supposedly unauthorized access, Immersive Labs said that a bit of digging reveals that relevant private key and certificates can be retrieved inside the file…
Read More